TECHNIQUE FOR ETHERNET ACCESS TO PACKET-BASED SERVICES

Technical Field 


This invention relates to a technique enabling access to packet-based services, 
such as IP, Frame Relay, and ATM, through an Ethernet Protocol network. 

Background Art 


Presently, communication service providers, such as AT&T, offer high-speed data
communications service to customers through a variety of access mechanisms. For
example, a customer may gain network access through a private line connection, i.e., a
direct link to the communications service provider's network. Private line access
provides a dedicated port not shared by anyone else with facility bandwidth available
exclusively to the particular customer. Unfortunately, private line access is expensive,
and is practical only for customers that have very high traffic capacity requirements.

As an alternative to private line access, communications service providers such as
AT&T also offer virtual circuit access allowing several customers to logically share a
single circuit, thus reducing costs. Such shared circuits, typically referred to as
Permanent Virtual Circuits, allow communication service providers to guarantee
customer traffic flows that are distinguishable from each other, secure, and allow
customers to enjoy different service features. An example of such a technique for
offering such shared service in a Multi-Protocol Label Switching Network is disclosed in
U.S. Patent 6,081,524, assigned to AT&T.

Presently, there is a trend towards using Ethernet networks in place of Frame
Relay and ATM networks, especially for transporting traffic among two or more premises
belonging to the same customer. Ethernet-based Metropolitan Area Networks (MANs)
currently exist in many areas and offer significant cost advantages on a per port basis, as
compared to Frame Relay and ATM service. Transmission speeds as high as 100, 1000
or even 10,000 MB/second are possible with such Ethernet MANs. Moreover, optical
Ethernet MANs typically offer a rich set of features, flexible topology and simple
end-to-end provisioning.

Present-day Ethernet-based MANs lack the ability to logically separate traffic
received from different customers, giving rise to issues of data security. Moreover, such
present-day Ethernet-based MANs lack the ability to manage bandwidth among
customers, thus preventing the network from regulating customer traffic to assure
equitable access. Thus, there is a need for a technique for routing data in an Ethernet
protocol network that overcomes the aforementioned disadvantages.

Brief Summary of the Invention 

Briefly, in accordance with a preferred embodiment, a method is provided for
routing data in an Ethernet protocol network having a plurality of platforms, each serving
one or more customers. A first platform receives at least one frame from a sending site
(e.g., a first customer's premises) that is destined for a receiving site (e.g., another
premises belonging to the same or a different customer). After receiving the frame, the
first platform overwrites a portion of the frame with a customer descriptor that
specifically identifies the sending customer. In practice, the first platform will overwrite
a Virtual Local Area Network (VLAN) field that is typically employed by the sending
customer for the purposes of routing data among various VLANs at the sending
premises. Rather than overwrite the VLAN field in the frame, the first platform could
overwrite another field, such as the source address field, or could even employ a "shim"
header containing the customer descriptor. All further use of the term customer
descriptor implies that any of the above or similar techniques could be used.

After overwriting the frame with the customer descriptor, the sending platform
routes the frame onto the MAN network for routing among the other platforms, thereby
sharing trunk bandwidth and other resources, but logically distinct from other customers'
traffic with different customer descriptors. A destination address in the frame directs the
frame to its corresponding receiving platform. Upon receipt of the frame, the receiving
platform uses the customer descriptor to segregate the frame for delivery to the proper
destination, especially in the event where different customers served by the same
platform use overlapping addressing plans. Thus, the customer descriptor in each frame
advantageously enables the receiving platform to distinguish between different customers
served by that platform.

For traffic with a destination beyond the MAN, this method provides a convenient
and efficient way to map the customer descriptor to similar identifiers in a Wide Area
Network (WAN), such as a Permanent Virtual Circuit (PVC), a Virtual Private Network
(VPN), or an MPLS Label Switched Circuit.

Overwriting each frame with the customer descriptor thus affords the ability to
logically segregate traffic on the Ethernet MAN to provide Virtual Private Network
(VPN) services of the type offered only on more expensive Frame Relay and ATM
networks. Moreover, the customer descriptor used to tag each frame can advantageously
include Quality of Service (QoS) information, allowing the sender to specify different
QoS levels for different traffic types, based on the Service Level Agreement (SLA)
between the customer and the communications service provider.

Brief Description of the Drawings

FIGURE 1 depicts an Ethernet Protocol Metropolitan Area Network (MAN) in
which each information frame is tagged with a customer descriptor in its VLAN field in
accordance with the present principles;

FIGURE 2 illustrates a sample information frame for transmission over the
network of FIG. 1;

FIGURE 3 illustrates a portion of the MAN showing the various stages in the
tagging process;

FIGURE 4 illustrates a portion of a MAN showing the use of the priority bits
within the VLAN field to establish different Quality of Service levels;

FIGURE 5 illustrates a portion of a MAN showing the manner in which
information frames are mapped to different Permanent Virtual Circuits by an ATM
switch;

FIGURE 6 illustrates a portion of a MAN showing the manner in which
information frames are mapped into different Multi-Protocol Label Switching (MPLS)
tunnels; and

FIGURE 7 illustrates a portion of a MAN showing the manner in which
information frames are mapped into different service networks.



Detailed Description 


FIGURE 1 depicts an Ethernet Protocol Metropolitan Area Network (MAN) 10
comprised of a plurality of Multi-Service Platforms (MSPs) 12₁-12ₙ where n is an integer,
each MSP taking the form of an Ethernet switch or the like. In the illustrated
embodiment n=4, although the network 10 could include a smaller or larger number of
MSPs. A fiber ring or SONET ring infrastructure 14 connects the platforms 12₁-12₄ in
daisy-chain fashion, allowing each MSP to statistically multiplex information onto, and to
statistically de-multiplex information off, the ring infrastructure 14.

Each of MSPs 12₁-12₃ serves at least one, and in some instances, a plurality of
premises 16 belonging to one or more customers. In the illustrated embodiment of FIG.
1, the MSP 12₁ serves a single customer premises 16₁ belonging to customer 1, whereas
the MSP 12₂ serves premises 16₂ and 16₃ belonging to customers 2 and 3, respectively.
The MSP 12₃ serves a single premises 16₄ that belongs to customer 3. The MSPs 12₁-12₃
are linked to their corresponding premises via 10, 100 or 1000 MB links 18. The MSP
12₄ bears the legend "CO MSP" because it serves as a central office to route traffic from
the MAN 10 to a Provider Edge Router (PER) 18 for delivery to other networks, such as
Frame Relay, ATM, MPLS networks or the Internet as discussed hereinafter. By the
same token, the PER 18 can route traffic from such other networks onto the MAN 10 via
the CO MSP 12₄.

The traffic routed onto and off of the MAN 10 by each MSP takes the form of one
or more information frames 20 depicted in FIG. 2. Heretofore, traffic routed onto the
network 10 from a particular customer's premises was combined with other customers'
traffic with no logical separation, thus raising security concerns. Moreover, since all
customers' traffic shares the same bandwidth, difficulties existed in prior art Ethernet
MANs in regulating the traffic from each customer's premises, and in affording different
customers different Quality of Service (QoS) levels in accordance with individual Service
Level Agreements.

These difficulties are overcome in accordance with the present principles by
"tagging" each frame 20 routed onto the network 10 at a particular MSP, say MSP 12₃,
with a customer descriptor 22' (best seen in FIG. 2) that identifies the customer sending
that frame. As discussed in greater detail below, each MSP receiving a frame 20 on the
fiber ring infrastructure 14 uses the customer descriptor 22' in that frame to maintain
distinct routing and addressing tables that are assigned to each customer served by that
MSP. This permits each customer to use their own addressing plan without fear of
overlap with other customers, as they are all maintained as logically separate.

FIGURE 2 depicts the structure of an exemplary Ethernet protocol frame 20
specified by Ethernet Standard 802.1Q. Among the blocks of bytes within each frame 20
is a Virtual Local Area Network (VLAN) Identifier 22 comprised of sixteen bits. In
practice, the VLAN identifier 22, in conjunction with a VLAN flag block 23 within the
frame, facilitates routing of the frame within a customer's premises to a particular
VLAN. However, the VLAN identifier 22 has no influence on routing of the frame 20
after receipt at a MSP.

In accordance with the present principles, the prior disadvantages associated with
conventional Ethernet networks, namely the lack of security and inability to regulate QoS
levels, are overcome by overwriting the VLAN identifier 22 in each frame 20 with the
customer descriptor maintained by the service provider. Overwriting the VLAN
identifier 22 of FIG. 2 of each frame 20 with the customer descriptor 22' serves to "tag"
that frame with the identity of its sending customer, thus affording each MSP in the
network 10 the ability to route those frames only among the premises belonging to that
same sending customer. Such tagging affords the operator of the network 10 the ability
to provide security in connection with frames transmitted across the network, since
frames with customer ID A would not be delivered to any premises of the customer with ID
B. As an example, two or more customers served by a single MSP may use overlapping
IP addressing schemes. In the absence of any other identifier, the MSP receiving such a
frame lacks the ability to assure accurate delivery.
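
An added illustration of the tagging and segregation just described (example code, not
part of the patent text). The port-to-descriptor table, descriptor values, egress ports
and sample frames are constructed; splitting the 16-bit field into 3 priority bits and a
12-bit identifier follows the 802.1Q tag layout.

```python
import socket
import struct

TPID_8021Q = 0x8100   # EtherType that announces an 802.1Q tag
# Constructed provisioning data: ingress port -> customer descriptor
PORT_TO_DESCRIPTOR = {1: 101, 2: 102, 3: 103}


def tag_frame(frame: bytes, ingress_port: int, priority: int = 0) -> bytes:
    """Ingress MSP: overwrite the 16-bit VLAN field (bytes 14-15).

    The descriptor is chosen by the provisioned ingress port, never by the
    value the customer put in the frame, so a customer's own VLAN numbering
    cannot select another customer's tables.
    """
    if len(frame) < 18 or struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        raise ValueError("not an 802.1Q-tagged frame")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit in 3 bits")
    descriptor = PORT_TO_DESCRIPTOR[ingress_port]   # KeyError: unprovisioned port
    tci = (priority << 13) | (descriptor & 0x0FFF)
    return frame[:14] + struct.pack("!H", tci) + frame[16:]


def read_tag(frame: bytes) -> tuple[int, int]:
    """Return (customer descriptor, priority) from a tagged frame."""
    tci = struct.unpack_from("!H", frame, 14)[0]
    return tci & 0x0FFF, tci >> 13


class ReceivingMSP:
    """Egress side: one address table per customer descriptor."""

    def __init__(self):
        self.tables = {}   # descriptor -> {destination IPv4 bytes -> egress port}

    def provision(self, descriptor: int, dst_ip: str, port: int) -> None:
        self.tables.setdefault(descriptor, {})[socket.inet_aton(dst_ip)] = port

    def deliver(self, frame: bytes):
        """Return the egress port, or None (drop) if this customer has no match."""
        descriptor, _ = read_tag(frame)
        return self.tables.get(descriptor, {}).get(frame[34:38])


def sample_frame(customer_vlan: int, dst_ip: str) -> bytes:
    """Constructed frame: Ethernet + 802.1Q tag + bare 20-byte IPv4 header."""
    eth = bytes(12) + struct.pack("!HHH", TPID_8021Q, customer_vlan, 0x0800)
    return eth + b"\x45" + bytes(15) + socket.inet_aton(dst_ip)
```

Two customers provisioned with the same destination address resolve to different egress
ports, and a frame whose descriptor has no matching table entry is dropped.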

In the illustrated embodiment depicted in FIG. 2, each MSP of FIG. 1 tags the
frame 20 by overwriting the VLAN identifier 22 with the customer descriptor 22'.
However, tagging could occur in other ways, rather than overwriting the VLAN identifier
22. For example, the source address block 25 within the frame 20 could be overwritten
with the customer descriptor 22'. Alternatively, the data field 25 could include a shim
header comprising the customer descriptor 22'.

The tagging of each frame 20 with the customer descriptor 22' affords several
distinct advantages in connection with routing of the frames through the MAN. First, as
discussed above, the tagging affords each recipient MSP the ability to distinguish traffic
destined for customers with overlapping address schemes, and thus allows for segregating
traffic on the MAN. Further, tagging each frame 20 with the customer descriptor 22'
enables mapping of the frames from a MAN 100 depicted in FIG. 3 to a corresponding one
of a plurality of customer Virtual Private Networks 26₁-26₃ within an MPLS network 28.
As seen in FIG. 3, an MSP 120₂ within the MAN 100 receives traffic from premises 160₁,
160₂, and 160₃ belonging to customer 1, customer 2 and customer 3, respectively, which
enjoy separate physical links to the MSP. Upon receipt of each frame from a particular
customer, the MSP 120₂ overwrites that frame with the customer descriptor
corresponding to the sending customer.

After tagging each data frame, the MSP 120₂ statistically multiplexes the frames
onto the fiber ring infrastructure 14 for transmission to a CO MSP 120₄ for receipt at a
destination PER 180 that serves the MPLS network 28 within which are customer Virtual
Private Networks 26₁-26₃. Using the customer descriptor in each frame, the PER 180
maps the frame to the corresponding VPN identifier associated with a particular one of
customer Virtual Private Networks 26₁-26₃ to properly route each frame to its intended
destination.

The tagging scheme of the present invention also affords the ability to route
information frames with different QoS levels within a MAN 1000 depicted in FIG. 4.
As seen in FIG. 4, an MSP 1200₂ within the MAN 1000 receives traffic from premises
1600₂ and 1600₃ belonging to customer 2 and customer 3, respectively, which enjoy
separate physical links to the MSP, allowing each to send information frames into the
MAN. In the illustrated embodiment of FIG. 4, the frames originating from the premises
1600₂ may contain either voice or data and have a corresponding QoS level associated with
each type of frame. Upon receiving such frames, the MSP 1200₂ overwrites the frame
with the customer descriptor corresponding to the particular customer sending the frame.
The customer descriptor will not only contain the identity of the sending customer, but
also the corresponding QoS level associated with that frame.

After tagging each data frame, the MSP 1200₂ statistically multiplexes the frames
onto the fiber ring infrastructure 14 for transmission to a CO MSP 1200₄ for receipt at a
destination PER 1800 that serves an MPLS network 280 within which are customer
Virtual Private Networks 260₂ and 260₃. Using the customer descriptor in each frame,
the PER 1800 of FIG. 4 maps the frame to the corresponding customer VPN to properly
route each frame to its intended customer premises. Further, the PER 1800 of FIG. 4 also
maps the QoS level specified in the customer descriptor in the frame to assure that the
appropriate quality of service level is applied to the particular frame.

In the above-described embodiments, the frames of customer traffic have been
assumed to comprise IP packets that terminate on a router (i.e., Provider Edge Routers
18, 180 and 1800) and that the VPNs employ MPLS-BGP protocols. However, some
customers may require multi-protocol support, or may otherwise require conventional
PVCs so that the traffic streams must be mapped into Frame Relay or ATM PVCs as
depicted in FIG. 5, which illustrates a portion of a MAN 10000 having a CO MSP 12000₄
serving an ATM switch 30 that receives traffic from the MAN. As seen in FIG. 5, each
of premises 16000₁, 16000₂ and 16000₃ belonging to customer 1, customer 2 and
customer 3, respectively, may originate information frames for receipt at MSP 12000₂ in
the MAN 10000. The MSP 12000₂ tags each frame with the corresponding customer
descriptor prior to statistically multiplexing the data for transmission on the fiber ring
infrastructure 14 to the CO MSP 12000₄ for receipt at the ATM switch 30. The ATM
switch 30 then maps the frame to the appropriate PVC in accordance with the customer
descriptor in the frame in a manner similar to the mapping described with respect to FIG.
3. Thus, the ATM switch 30 could map the frame to one of Frame Relay recipients 32₁,
32₂, or 32₃, ATM recipients 32₄ or 32₅, or IMA (Inverse Multiplexing over ATM)
recipient 32₆.

FIG. 6 depicts a portion of a MAN network 100000 that routes frames onto
separate MPLS tunnels 40₁-40₃ (each emulating a private line 32 in an MPLS network
2800) in accordance with the customer descriptor written into each frame by a MSP
120000₂ in the MAN. Each of customer premises 160000₁, 160000₂ and 160000₃
depicted in FIG. 6 originates information frames for receipt at MSP 120000₂. The MSP
120000₂ tags each frame with the customer descriptor prior to statistically multiplexing
the data for transmission on the fiber ring infrastructure 14 for delivery to a CO MSP
120000₄ that serves a PER 18000. The PER 18000 translates the customer descriptors
written onto the frames by the MSP 120000₂ into the MPLS tunnels 40₁-40₃ to enable the
PER to route the traffic to the intended customer.

FIG. 7 depicts a portion of a MAN network 1000000 for routing traffic (i.e.,
information frames) onto separate networks in accordance with the customer descriptor
written into each frame by a MSP 120000₂ in the MAN. Each of customer premises
1600000₂ and 1600000₃ depicted in FIG. 7 originates information frames for receipt by
the MSP 1200000₂. The MSP 1200000₂ tags each frame with the customer descriptor
prior to statistically multiplexing the data for transmission on the fiber ring infrastructure
14 for delivery to a CO MSP 1200000₄ that serves a PER 180000. In accordance with the
customer descriptor, the PER 1800000 of FIG. 7 routes traffic to a particular one of
several different networks, e.g., an Intranet VPN 42₁, a voice network 42₂ and the
Internet 42₃, in accordance with the customer descriptor written onto the frame by the
MSP 12₂.

The above-described embodiments merely illustrate the principles of the 
invention. Those skilled in the art may make various modifications and changes that will 
embody the principles of the invention and fall within the spirit and scope thereof. 



